summaryrefslogtreecommitdiff
path: root/src/shared
AgeCommit message (Collapse)Author
2014-02-17Pass log config from systemd to systemd-shutdownZbigniew Jędrzejewski-Szmek
If PID 1 debug logging is enabled, it is nice to keep those settings when switching to systemd-shutdown binary, independently of whether this was done through /proc/cmdline options, or through runtime manipulations.
2014-02-17Extract looping over /proc/cmdline into a shared functionZbigniew Jędrzejewski-Szmek
In cryptsetup-generator automatic cleanup had to be replaced with manual cleanup, and the code gets a bit longer. But existing code had the issue that it returned negative values from main(), which was wrong, so should be reworked anyway.
2014-02-14Fix prototype of get_process_stateZbigniew Jędrzejewski-Szmek
2014-02-15util: fix mismatching function signatureKay Sievers
2014-02-14core: fix detection of dead processesYuxuan Shui
Commit 5ba6985b moves the UNIT_VTABLE(u)->sigchld_event before systemd actually reaps the zombie. Which leads to service_load_pid_file accepting zombie as a valid pid. This fixes timeouts like: [ 2746.602243] systemd[1]: chronyd.service stop-sigterm timed out. Killing. [ 2836.852545] systemd[1]: chronyd.service still around after SIGKILL. Ignoring. [ 2927.102187] systemd[1]: chronyd.service stop-final-sigterm timed out. Killing. [ 3017.352560] systemd[1]: chronyd.service still around after final SIGKILL. Entering failed mode.
2014-02-14shared: include root when canonicalizing conf pathsMichael Marineau
The conf_files_list family accepts an alternate root path to prefix all directories in the list but path_strv_canonicalize_uniq doesn't use it. This results in the suspicious behavior of resolving directory symlinks based on the contents of / instead of the alternate root. This adds a prefix argument to path_strv_canonicalize which will now prepend the prefix, if given, to every path in the list. To avoid answering what a relative path means when called with a root prefix path_strv_canonicalize is now path_strv_canonicalize_absolute and only considers absolute paths. Fortunately all users of already call path_strv_canonicalize with a list of absolute paths.
2014-02-13everywhere: always use O_CLOEXEC where it makes senseLennart Poettering
2014-02-13everywhere: make use of new0() and macro() macros, and stop using perror()Lennart Poettering
2014-02-13core: add SystemCallArchitectures= unit setting to allow disabling of non-nativeLennart Poettering
architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-12syscallfilter: port to libseccompRonny Chevalier
2014-02-12pager: support SYSTEMD_LESS environment variableJason A. Donenfeld
This allows customization of the arguments used by less. The main motivation is that some folks might not like having --no-init on every invocation of less.
2014-02-12nspawn: newer kernels (>= 3.14) allow resetting the audit loginuid, make use ↵Lennart Poettering
of this
2014-02-11journald: log provenience of signalsZbigniew Jędrzejewski-Szmek
2014-02-11efi: fix Undefined reference efi_loader_get_boot_usec when EFI support is ↵Cristian Rodríguez
disabled
2014-02-11machined: optionally, allow registration of pre-existing units (scopesLennart Poettering
or services) as machine with machined
2014-02-11util: modernize readlink_malloc() a bitLennart Poettering
2014-02-11util: drop parse_user_at_host() since its unused nowLennart Poettering
2014-02-10exec: Add SELinuxContext configuration itemMichael Scherer
This permit to let system administrators decide of the domain of a service. This can be used with templated units to have each service in a différent domain ( for example, a per customer database, using MLS or anything ), or can be used to force a non selinux enabled system (jvm, erlang, etc) to start in a different domain for each service.
2014-02-08core: do not print invalid utf-8 in error messagesZbigniew Jędrzejewski-Szmek
2014-02-08core: fix crashes if locale.conf contains invalid utf-8 stringGoffredo Baroncelli
In the parse_env_file_push() and load_env_file_push() functions, there are two assert() call to check if the key or value parameters are utf8 valid. If the strings aren't utf8 valid, assert does abort. These function are used early by systemd to parse some files. For example '/etc/locale.conf'. In my case this file contained a not utf8 sequence, which is bad, but systemd crashed during the boot, which is even worse! The enclosed patch removes the assert and return -EINVAL if the sequence is invalid. This is possible because the caller of these function [1] checks the errors. So the check of an invalid utf8 sequence is still performed, but systemd doesn't crash anymore and logs the error. [1] parse_env_file_internal(), invoked by load_env_file() and parse_env_file()
2014-02-07core: when an already abandoned unit gets abandoned again generate a clean errorLennart Poettering
2014-02-07cgroup: make sure to properly send SIGCONT to all processes of a cgroup if ↵Lennart Poettering
that's requested
2014-02-03conf-parser: warn when we open configuration files with weird access bitsLennart Poettering
2014-01-31use memzero(foo, length); for all memset(foo, 0, length); callsGreg KH
In trying to track down a stupid linker bug, I noticed a bunch of memset() calls that should be using memzero() to make it more "obvious" that the options are correct (i.e. 0 is not the length, but the data to set). So fix up all current calls to memset(foo, 0, length) to memzero(foo, length).
2014-01-30shared: net - use u32ctz to compute prefixlenTom Gundersen
2014-01-30util: add u32ctz() call for determining ctz of uint32_tLennart Poettering
2014-01-30sd-dhcp-client/net-util: make netmask_to_prefixlen genericTom Gundersen
This was originally included in the dhcp-client at my request, but it is not really dhcp-specific and useful outside of it, so let's pull it out.
2014-01-30net-util: verify the address familyTom Gundersen
Error out if the address family is already set to something incompatible with the address being parsed.
2014-01-30utmp: make sure we don't write the utmp reboot record twice on each bootLennart Poettering
(Also, only send the audit msg once, too)
2014-01-28Base mkostemp_safe on mkostempZbigniew Jędrzejewski-Szmek
It is nice to wrap umask handling and return convention, but glibc's mkostemp is async-signal-safe already.
2014-01-28Get rid of write_safeZbigniew Jędrzejewski-Szmek
Current glibc implementation is safe. Kernel does this atomically, and write is actually implemented through writev. So if write is async-signal-safe, than writev pretty much must be too.
2014-01-28always use the same code for creating temporary filesLennart Poettering
Let's unify our code here, and also always specifiy O_CLOEXEC.
2014-01-28util: pick slightly safer open() flags when creating temporary filesLennart Poettering
2014-01-28util: define O_TMPFILE on x86/x86-64, where the generic value is usedLennart Poettering
On other archs we'll not define it so that open_tmpfile() falls back to unguessable name + unlink.
2014-01-28util: pass original flags value to mkostemp(), in open_tmpfile()Lennart Poettering
2014-01-28util: simplify mkostemp_safe()Lennart Poettering
Make it use dev_urandom() and endswith().
2014-01-28util: introduce new dev_urandom() call that is like random_bytes() but ↵Lennart Poettering
doesn't fall back to PRNG
2014-01-28util: modernize loop_read() and loop_write() a bitLennart Poettering
Let's make use of fd_wait_for_event() here, instead of rolling our own.
2014-01-27manager: add systemd.show_status=auto modeZbigniew Jędrzejewski-Szmek
When set to auto, status will shown when the first ephemeral message is shown (a job has been running for five seconds). Then until the boot or shutdown ends, status messages will be shown. No indication about the switch is done: I think it should be clear for the user that first the cylon eye and the ephemeral messages appear, and afterwards messages are displayed. The initial arming of the event source was still wrong, but now should really be fixed.
2014-01-27journal: guarantee async-signal-safety in sd_journald_sendvZbigniew Jędrzejewski-Szmek
signal(7) provides a list of functions which may be called from a signal handler. Other functions, which only call those functions and don't access global memory and are reentrant are also safe. sd_j_sendv was mostly OK, but would call mkostemp and writev in a fallback path, which are unsafe. Being able to call sd_j_sendv in a async-signal-safe way is important because it allows it be used in signal handlers. Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an open-coded writev replacement which uses write. Unfortunately, O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is unavailable, an open-coded mkostemp is used. https://bugzilla.gnome.org/show_bug.cgi?id=722889
2014-01-27Replace mkostemp+unlink with open(O_TMPFILE)Zbigniew Jędrzejewski-Szmek
This will only work on Linux >= 3.11, and probably not on all filesystems. Fallback code is provided.
2014-01-27bus: add API calls for connecting to starter busLennart Poettering
Add new calls sd_bus_open() and sd_bus_default() for connecting to the starter bus a service was invoked for, or -- if the process is not a bus-activated service -- the appropriate bus for the scope the process has been started in.
2014-01-27resolve: update sd-resolve to match the other APIs in style and functionalityLennart Poettering
2014-01-22DEFINE_STRING_TABLE_LOOKUP: return _INVALID_* rather than assert on NULL stringTom Gundersen
2014-01-20exec: introduce PrivateDevices= switch to provide services with a private /devLennart Poettering
Similar to PrivateNetwork=, PrivateTmp= introduce PrivateDevices= that sets up a private /dev with only the API pseudo-devices like /dev/null, /dev/zero, /dev/random, but not any physical devices in them.
2014-01-12core: clean up environment block for --user instances a bitLennart Poettering
2014-01-11journald: do not free space when disk space runs lowZbigniew Jędrzejewski-Szmek
Before, journald would remove journal files until both MaxUse= and KeepFree= settings would be satisfied. The first one depends (if set automatically) on the size of the file system and is constant. But the second one depends on current use of the file system, and a spike in disk usage would cause journald to delete journal files, trying to reach usage which would leave 15% of the disk free. This behaviour is surprising for the user who doesn't expect his logs to be purged when disk usage goes above 85%, which on a large disk could be some gigabytes from being full. In addition attempting to keep 15% free provides an attack vector where filling the disk sufficiently disposes of almost all logs. Instead, obey KeepFree= only as a limit on adding additional files. When replacing old files with new, ignore KeepFree=. This means that if journal disk usage reached some high point that at some later point start to violate the KeepFree= constraint, journald will not add files to go above this point, but it will stay (slightly) below it. When journald is restarted, it forgets the previous maximum usage value, and sets the limit based on the current usage, so if disk remains to be filled, journald might use one journal-file-size less on each restart, if restarts happen just after rotation. This seems like a reasonable compromise between implementation complexity and robustness.
2014-01-08No need to canonicalize fixed pathsZbigniew Jędrzejewski-Szmek
2014-01-05shared/install: use char** convention for strvsZbigniew Jędrzejewski-Szmek
2014-01-05strv: multiple cleanupsSimon Peeters
- turn strv_merge into strv_extend_strv. appending strv b to the end of strv a instead of creating a new strv - strv_append: remove in favor of strv_extend and strv_push. - strv_remove: write slightly more elegant - strv_remove_prefix: remove unused function - strv_overlap: use strv_contains - strv_printf: STRV_FOREACH handles NULL correctly